Password Pusher

Password Pusher is a fully open-source web application for sharing passwords, files, URLs, and QR codes through self-destructing links. The project has been actively developed for over a decade by Peter Lombardo and powers thousands of self-hosted deployments across organizations that refuse to send credentials through third-party SaaS tools or paste them directly into chat and email. Released as open-source software, it offers a credible alternative to commercial secret-sharing services without sacrificing security, audit visibility, or branding control.

Common Use Cases

IT and DevOps teams use Password Pusher to deliver one-time credentials to engineers, contractors, and clients without leaving plaintext passwords sitting in email inboxes or message archives. Helpdesks and support organizations push temporary access details to end users with view-count limits, ensuring that passwords cannot be re-read months later if an inbox is compromised. Security and compliance teams take advantage of the audit log and configurable expiration policies to satisfy internal controls around credential handoff. Marketing and partner-facing teams use the white-label branding to share confidential documents and URLs with external parties under their own corporate identity rather than a generic SaaS interface.

Key Features

• Self-destructing pushes with configurable expiration by view count, elapsed time, or both
• Support for password, file, URL, and QR code payloads with separate per-type defaults
• Optional passphrase protection so an intercepted link alone cannot reveal the secret
• Detailed audit logs covering creation, retrieval, IP address, and user-agent metadata
• Optional user accounts with two-factor authentication and session-timeout policies
• Pluggable file storage backends including local disk, Amazon S3, Google Cloud Storage, and Azure Blob
• White-label branding with custom titles, taglines, themes, footer menus, and disclaimers
• 31 supported UI languages and configurable default locale per deployment
• Documented JSON API v2 for automation from CI pipelines, scripts, and internal tools
• Throttling controls and configurable retrieval steps to mitigate scraping or brute-force access

Why deploy Password Pusher on Hostinger VPS

Secret-sharing tools sit on the most sensitive path in any organization, which makes the choice of hosting provider as important as the application itself. Running Password Pusher on a Hostinger VPS keeps every push, audit log entry, and uploaded file inside infrastructure you control, with no third-party SaaS able to read or retain your credentials. Dedicated VPS resources keep the dashboard responsive even when many concurrent pushes are created or retrieved, and the persistent storage attached to the deployment means SQLite data and uploaded files survive container restarts and upgrades. Because the VPS is yours, you can layer additional firewall rules, fail2ban, off-site backups, or external object storage onto the same template without depending on a vendor's product roadmap, and the integrated Traefik proxy handles HTTPS automatically at your chosen subdomain so the service is production-ready as soon as deployment finishes.